Friday Squid Blogging: Giant Squids Have Small Brains
New research:
In this study, the optic lobe of a giant squid (Architeuthis dux, male, mantle length 89 cm), which was caught by local fishermen off the northeastern coast of Taiwan, was scanned using high-resolution magnetic resonance imaging in order to examine its internal structure. It was evident that the volume ratio of the optic lobe to the eye in the giant squid is much smaller than that in the oval squid (Sepioteuthis lessoniana) and the cuttlefish (Sepia pharaonis). Furthermore, the cell density in the cortex of the optic lobe is significantly higher in the giant squid than in oval squids and cuttlefish, with the relative thickness of the cortex being much larger in Architeuthis optic lobe than in cuttlefish. This indicates that the relative size of the medulla of the optic lobe in the giant squid is disproportionally smaller compared with these two cephalopod species.
From the New York Times:
A recent, lucky opportunity to study part of a giant squid brain up close in Taiwan suggests that, compared with cephalopods that live in shallow waters, giant squids have a small optic lobe relative to their eye size.
Furthermore, the region in their optic lobes that integrates visual information with motor tasks is reduced, implying that giant squids don’t rely on visually guided behavior like camouflage and body patterning to communicate with one another, as other cephalopods do.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
Read my blog posting guidelines here.
Ben A. • July 28, 2017 4:07 PM
WikiLeaks drops another cache of ‘Vault7’ stolen tools
Emissary Panda amongst others.
https://nakedsecurity.sophos.com/2017/07/26/wikileaks-drops-another-cache-of-vault7-stolen-tools/
Trust Issues: Exploiting TrustZone TEEs
@Thoth, @Clive Robinson
http://googleprojectzero.blogspot.com/2017/07/trust-issues-exploiting-trustzone-tees.html
The End of Triple DES
“The US National Institute of Standards and Technology (NIST) has just announced withdrawal of approval for triple DES (also known as 3DES, TDEA and sometimes DES EDE) in common protocols such as TLS and IPSec.”
https://cryptosense.com/the-end-of-triple-des/
https://beta.csrc.nist.gov/News/2017/Update-to-Current-Use-and-Deprecation-of-TDEA
Cyber arm of UK spy agency left without PGP for four months
“UK spy agency GCHQ’s cyber security arm, CESG, was left without PGP encryption for more than four months, according to a government report.”
https://www.theregister.co.uk/2017/07/24/spooks_agency_cesg_left_without_pgp_for_four_months/
https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/626110/20170413_HCSEC_Oversight_Board_Report_2017_-_FINAL.pdf
On Kaspersky
The author dislikes the fact that the “U.S. government used Kaspersky Lab’s products—including on DOD systems.”
https://www.lawfareblog.com/kaspersky
KL AV for Free. Secure the Whole World Will Be.
Kaspersky Free is due to be released. Coincidence? You can’t blame the company for wanting market penteration.
https://www.kaspersky.com/blog/kaspersky-free-goes-global/17811/
Exclusive: Congress asks U.S. agencies for Kaspersky Lab cyber documents
“A U.S. congressional panel this week asked 22 government agencies to share documents on Moscow-based cyber firm Kaspersky Lab, saying its products could be used to carry out “nefarious activities against the United States,” according to letters seen by Reuters.”
http://www.reuters.com/article/us-usa-kasperskylab-probe-idUSKBN1AD2H0
Going dark: encryption and law enforcement
https://blog.malwarebytes.com/security-world/2017/07/going-dark-encryption-and-law-enforcement/
Reminder: Spies, cops don’t need to crack WhatsApp. They’ll just hack your smartphone
https://www.theregister.co.uk/2017/07/26/german_cops_pwn_phones/
WhatsApp: The Bad Guys’ Secret Weapon
https://blog.elcomsoft.com/2017/07/whatsapp-the-bad-guys-secret-weapon/
De-Anonymization, Smart Homes, and Erlang: Tor is Coming to SHA2017
https://blog.torproject.org/blog/de-anonymization-smart-homes-and-erlang-at-sha2017
Sounds bad: Researchers demonstrate “sonic gun” threat against smart devices
“A sonic “gun” could in theory be used to knock drones out of the sky, cause robots to fail, disorient virtual or augmented reality software, and even knock people off their “hoverboard” scooters. It could also potentially be used to attack self-driving cars or confuse air bag sensors in automobiles.”
https://arstechnica.com/gadgets/2017/07/sounds-bad-researchers-demonstrate-sonic-gun-threat-against-smart-devices/
macOS Fruitfly Backdoor Analysis Renders New Spying Capabilities
“A mysterious piece of malware that gives attackers surreptitious control over webcams, keyboards, and other sensitive resources has been infecting Macs for at least five years.”
https://arstechnica.co.uk/information-technology/2017/07/perverse-malware-infecting-hundreds-of-macs-remained-undetected-for-years/
Novel attack tricks servers to cache expose personal data
“The so-called web caching attack targets sites that use content delivery network (CDN) services such as Akamai and Cloudflare.”
https://threatpost.com/novel-attack-tricks-servers-to-cache-expose-personal-data/127014/
Revoke-Obfuscation: PowerShell Obfuscation Detection Using Science
FLARE VM: The Windows Malware Analysis Distribution You’ve Always Needed!
HawkEye Credential Theft Malware Distributed in Recent Phishing Campaign
http://www.fireeye.com/blog/threat-research/2017/07/revoke-obfuscation-powershell.html
http://www.fireeye.com/blog/threat-research/2017/07/flare-vm-the-windows-malware.html
http://www.fireeye.com/blog/threat-research/2017/07/hawkeye-malware-distributed-in-phishing-campaign.html
EVERY app offered by alternative Android app market redirected to malware
https://www.grahamcluley.com/every-app-offered-by-alternative-android-app-market-redirected-to-malware/
Wallet-snatch hack: ApplePay ‘vulnerable to attack’, claim researchers
https://www.theregister.co.uk/2017/07/28/applepay_vuln/
Hackers can turn web-connected car washes into horrible death traps
https://www.theregister.co.uk/2017/07/27/killer_car_wash/
The opsec blunders that landed a Russian politician’s fraudster son in the clink for 27 years
https://www.theregister.co.uk/2017/07/27/russian_politicians_son_gets_27yrs_fraud/
Upcoming USB 3.2 Specification Will Double Data Rates Using Existing Cables
https://www.macrumors.com/2017/07/25/usb-3-2-specification-double-data-rates/